FRP NAT Traversal: Opening an Intranet GitLab to Public Access

1. Scenario and requirements

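The company LAN has a server running GitLab as the code repository, and it needs to be reachable from the outside by domain name. The router cannot be managed, so ports cannot be bound on it. That is where FRP (Fast Reverse Proxy) comes in; for background, see 👉 the official site.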

2. What you need

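  • A server with a public IP (mine runs Linux), for example an Alibaba Cloud ECS instance
  • A domain where you can add an A record or CNAME record, with the record pointing to the public server's IP
  • A server on the LAN that can reach the public internet and already has GitLab deployed (also Linux; for deploying GitLab see 👉 here)
  • The FRP software, 👉 portal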

3. Download and install

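The server side is the public server and the client side is the intranet server. Download the build that matches your server type; both of mine run Linux, so here are the commands directly. The following is run on the server side (the client side is the same, because the files for both ends are in the same package).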

cd /usr/local
sudo wget https://github.com/fatedier/frp/releases/download/v0.58.0/frp_0.58.0_linux_amd64.tar.gz
sudo tar -xzvf frp_0.58.0_linux_amd64.tar.gz
cd frp_0.58.0_linux_amd64

After entering the directory, the file list is as follows:

.
├── frpc
├── frpc.toml
├── frps
├── frps.toml
└── LICENSE

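There are five files in three groups: frpc and frpc.toml are the client files (the last letter of the name is the first letter of "client"), frps and frps.toml are the server files (the last letter is the first letter of "server"), and LICENSE is the license file, which can be ignored. The client and server files come in one package; save each set to the corresponding server. I created directories to keep them apart and easier to manage.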

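# Directory for the server-side files
sudo mkdir server
sudo mv frps frps.toml server

# Directory for the client-side files (the next two lines can be skipped; just copy the files to the intranet server)
sudo mkdir client
sudo mv frpc frpc.toml client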

4. Edit the server configuration file, then create and start the service

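Go into the server directory, edit frps.toml so that it contains the following, then save and exit. For an explanation of the configuration options, see the official site 👈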

bindPort = 7000
vhostHTTPPort = 8008

webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "123456789"

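😈🫵 Heads-up: TOML files are case-sensitive, there must be no # comments on a line of their own or at the end of a line, and no grouping symbols []. Perhaps it is a version issue: the material I found online all had comments, but with my version it simply would not run once I added them. Feel free to try it yourself. Every port used in the configuration files must be allowed through the firewall; on something like Alibaba Cloud ECS, you need to add the ports above to the security group and allow them.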

Create the service with systemd and enable it at boot

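###### Create the service with systemd and enable it at boot
sudo vi /etc/systemd/system/frps.service

###### Write the following content, then save and exit
[Unit]
# Service description, can be customized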
Description = frp server
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# Command that starts frps; change it to your frps installation path
ExecStart = /usr/local/frp_0.58.0_linux_amd64/server/frps -c /usr/local/frp_0.58.0_linux_amd64/server/frps.toml

[Install]
WantedBy = multi-user.target

# Enable at boot
sudo systemctl enable frps

# Start frp
sudo systemctl start frps
# Stop frp
sudo systemctl stop frps
# Restart frp
sudo systemctl restart frps
# Check frp status
sudo systemctl status frps

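Once the service is started, visit http://公网IP:7500 (公网IP stands for the server's public IP) and enter the username and password to log in to the dashboard, where you can see the service status and related statistics.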

5. Edit frpc.toml on the client; download and installation are the same as on the server

serverAddr = "公网IP"
serverPort = 7000

webServer.addr = "0.0.0.0"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "123456789"

[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 2288

[[proxies]]
name = "web"
type = "http"
localPort = 80
customDomains = ["gitlab.xxxx.com"]

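The [[proxies]] sections are the proxy definitions, and you can configure as many as you need. The first one is SSH, which also lets you log in to the intranet server remotely; the second one is the GitLab configuration. For other proxy types, see the official site.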
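A check for the frps.toml and frpc.toml settings above that matter once these ports are opened in the firewall, as an added example that is not part of the original post: it reads an frp TOML file on stdin and reports a dashboard bound to a non-loopback address, a short or digits-only dashboard password, a missing auth.token (without one, frps accepts any client that can reach bindPort), and a published SSH port. The finding names, the 16-character threshold and the placeholder secrets are assumptions made for this example.

```shell
# Added example, not from the original post: flag risky settings in an frp
# TOML config read from stdin. Finding names and sample secrets are constructed.

toml_get() {  # print the value of a top-level "key = value" line, quotes stripped
  awk -v key="$1" '
    /^[ \t]*\[/ { exit }   # stop at the first table, e.g. [[proxies]]
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      if (k == key) { print v; exit }
    }'
}

audit_frp_config() {  # one finding per line; no output means no finding
  cfg=$(cat)
  addr=$(printf '%s\n' "$cfg" | toml_get webServer.addr)
  pass=$(printf '%s\n' "$cfg" | toml_get webServer.password)
  case "$addr" in
    ""|127.0.0.1|localhost|::1) ;;   # unset or loopback: not reachable remotely
    *) echo "DASHBOARD_EXPOSED webServer.addr=$addr, bind it to 127.0.0.1" ;;
  esac
  case "$pass" in
    "") ;;                           # no dashboard password in this file
    *[!0-9]*) [ "${#pass}" -ge 16 ] || echo "WEAK_PASSWORD under 16 characters" ;;
    *) echo "WEAK_PASSWORD digits only" ;;
  esac
  [ -n "$(printf '%s\n' "$cfg" | toml_get auth.token)" ] || echo "NO_AUTH_TOKEN set the same auth.token on frps and frpc"
  if printf '%s\n' "$cfg" | grep -Eq '^[[:space:]]*localPort[[:space:]]*=[[:space:]]*22[[:space:]]*$'; then
    echo "SSH_PUBLISHED localPort 22, use key-only non-root logins"
  fi
}

# frps.toml as given in the post, then a constructed hardened variant.
POST_FRPS='bindPort = 7000
vhostHTTPPort = 8008
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "123456789"'
HARDENED_FRPS='bindPort = 7000
vhostHTTPPort = 8008
auth.token = "REPLACE-WITH-LONG-RANDOM-TOKEN"
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "REPLACE-WITH-LONG-RANDOM-PASSWORD"'
printf '%s\n' "$POST_FRPS" | audit_frp_config       # three findings
printf '%s\n' "$HARDENED_FRPS" | audit_frp_config   # no findings, no output
```

With the dashboard bound to 127.0.0.1 it is still reachable for administration through an SSH local port forward to the server.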

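6. Creating the service and viewing the dashboard are also the same as on the server; just replace the paths and files with the client ones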

####### Create the file
sudo vi /etc/systemd/system/frpc.service

####### Write the following content, then save and exit
[Unit]
# Service description, can be customized
Description = frp client
After = network.target syslog.target
Wants = network.target

[Service]
Type = simple
# Command that starts frpc; change it to your frpc installation path
ExecStart = /usr/local/frp_0.58.0_linux_amd64/client/frpc -c /usr/local/frp_0.58.0_linux_amd64/client/frpc.toml

[Install]
WantedBy = multi-user.target

####### Enable at boot
sudo systemctl enable frpc

####### Start frp
sudo systemctl start frpc
####### Stop frp
sudo systemctl stop frpc
####### Restart frp
sudo systemctl restart frpc
####### Check frp status
sudo systemctl status frpc

7. Start the client service

sudo systemctl start frpc

8. Check the server status; when everything is working it looks like this

# service frps status -l
Redirecting to /bin/systemctl status  -l frps.service
● frps.service - frps service
   Loaded: loaded (/etc/systemd/system/frps.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2024-05-08 16:05:55 CST; 3s ago
 Main PID: 9786 (frps)
    Tasks: 5
   Memory: 13.2M
   CGroup: /system.slice/frps.service
           └─9786 /usr/local/frp_0.57.0_linux_amd64/server/frps -c /usr/local/frp_0.57.0_linux_amd64/server/frps.toml

May 08 16:05:55 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:55.590 [I] [frps/root.go:105] frps uses config file: /usr/local/frp_0.57.0_linux_amd64/server/frps.toml
May 08 16:05:55 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:55.775 [I] [server/service.go:237] frps tcp listen on 0.0.0.0:7000
May 08 16:05:55 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:55.775 [I] [server/service.go:304] http service listen on 0.0.0.0:8008
May 08 16:05:55 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:55.775 [I] [frps/root.go:114] frps started successfully
May 08 16:05:55 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:55.775 [I] [server/service.go:350] dashboard listen on 0.0.0.0:7500
May 08 16:05:56 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:56.620 [I] [server/service.go:575] [3c7c7f9a27446b34] client login info: ip [xx.xxx.xxx.x:53818] version [0.57.0] hostname [] os [linux] arch [amd64]
May 08 16:05:56 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:56.939 [I] [proxy/http.go:110] [3c7c7f9a27446b34] [web] http proxy listen for host [gitlab.xxxx.com] location [] group [], routeByHTTPUser []
May 08 16:05:56 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:56.939 [I] [server/control.go:401] [3c7c7f9a27446b34] new proxy [web] type [http] success
May 08 16:05:56 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:56.939 [I] [proxy/tcp.go:82] [3c7c7f9a27446b34] [ssh] tcp proxy listen port [2288]
May 08 16:05:56 iZgw814a4a0bguz1ubtyxmZ frps[9786]: 2024-05-08 16:05:56.939 [I] [server/control.go:401] [3c7c7f9a27446b34] new proxy [ssh] type [tcp] success

9. Check the client status

service frpc status -l
Redirecting to /bin/systemctl status  -l frpc.service
● frpc.service - frp client
   Loaded: loaded (/etc/systemd/system/frpc.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2024-05-08 15:48:50 CST; 5h 0min ago
 Main PID: 23748 (frpc)
    Tasks: 18
   CGroup: /system.slice/frpc.service
           └─23748 /usr/local/frp_0.57.0_linux_amd64/client/frpc -c /usr/local/frp_0.57.0_linux_amd64/client/frpc.toml

5月 08 16:03:44 localhost.localdomain frpc[23748]: 2024-05-08 16:03:44.471 [I] [client/service.go:294] [3c7c7f9a27446b34] try to connect to server...
5月 08 16:03:45 localhost.localdomain frpc[23748]: 2024-05-08 16:03:45.701 [I] [client/service.go:286] [3c7c7f9a27446b34] login to server success, get run id [3c7c7f9a27446b34]
5月 08 16:03:45 localhost.localdomain frpc[23748]: 2024-05-08 16:03:45.702 [I] [proxy/proxy_manager.go:173] [3c7c7f9a27446b34] proxy added: [ssh web]
5月 08 16:03:46 localhost.localdomain frpc[23748]: 2024-05-08 16:03:46.212 [I] [client/control.go:170] [3c7c7f9a27446b34] [web] start proxy success
5月 08 16:03:46 localhost.localdomain frpc[23748]: 2024-05-08 16:03:46.212 [I] [client/control.go:170] [3c7c7f9a27446b34] [ssh] start proxy success
5月 08 16:05:55 localhost.localdomain frpc[23748]: 2024-05-08 16:05:55.748 [I] [client/service.go:294] [3c7c7f9a27446b34] try to connect to server...
5月 08 16:05:56 localhost.localdomain frpc[23748]: 2024-05-08 16:05:56.773 [I] [client/service.go:286] [3c7c7f9a27446b34] login to server success, get run id [3c7c7f9a27446b34]
5月 08 16:05:56 localhost.localdomain frpc[23748]: 2024-05-08 16:05:56.773 [I] [proxy/proxy_manager.go:173] [3c7c7f9a27446b34] proxy added: [ssh web]
5月 08 16:05:57 localhost.localdomain frpc[23748]: 2024-05-08 16:05:57.156 [I] [client/control.go:170] [3c7c7f9a27446b34] [web] start proxy success
5月 08 16:05:57 localhost.localdomain frpc[23748]: 2024-05-08 16:05:57.156 [I] [client/control.go:170] [3c7c7f9a27446b34] [ssh] start proxy success

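At this point the tunnel is complete. Visit http://gitlab.xxxx.com:8008 to reach the GitLab system; you can also log in to the intranet server remotely with ssh -o Port=2288 root@公网IP (公网IP stands for the server's public IP).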

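FRP really is a great tool 👍, and very powerful. It has some other capabilities as well, but our business does not need them for now, so I will not dig into them.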
